Manage automatic propagation of variation pages

I was asked today to disable the automatic propagation of variation pages for one of our site collections. Immediately I checked the Technet article for this.

According to the Technet article I needed to execute the following Powershell scripts:

$site = Get-SPSite "<VariationURL>"
$folder = $site.RootWeb.Lists["Relationships List"].RootFolder
$folder.Properties.Add("DisableAutomaticPropagation", $true)
$folder.Update()
$site.Close()

Unfortunately it didn’t work. for some reason the $folder variable was null
error message was:
You cannot call a method on a null-valued expression.
At line:1 char:23
+ $folder.Properties.Add <<<< ("DisableAutomaticPropagation", $true)
+ CategoryInfo : InvalidOperation: (Add:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

after a little bit of looking around in powershell I did come up with a workaround by loading the Relationships list in a separate variable, changing the script as follows:

$site = Get-SPSite "<VariationURL>"
$list = $site.RootWeb.GetList("Relationships List")
$folder = $list.RootFolder
$folder.Properties.Add("DisableAutomaticPropagation", $true)
$folder.Update()
$site.Close()

Hope this helps someone out :)

Remove HTTP Response Headers for internet facing SharePoint sites

if you are serious about to publish an internet facing SharePoint site you have to consider security. One of the first things a possible hacker will inspect are the HTTP Response Headers. I usually use the Firefox Developper toolbar to check the HTTP Response Headers of my SharePoint sites. (Information Menu -> View Response Headers)

Without cleaning the reponse headers you will see something like:

Connection: Keep-Alive
Expires: Mon, 23 May 2011 13:56:12 GMT
Date: Tue, 07 Jun 2011 13:56:13 GMT
Content-Type: text/html; charset=utf-8
<strong>Server: Microsoft-IIS/7.5</strong>
Cache-Control: private, max-age=0
Last-Modified: Tue, 07 Jun 2011 13:56:12 GMT
<strong>SPRequestGuid: 2ba6c04a-f3ca-40be-a543-7fb2448bd92e
X-SharePointHealthScore: 0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
MicrosoftSharePointTeamServices: 14.0.0.5130</strong>
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding

200 OK

Now, what I needed removing was all the SharePoint stuff, the ASP.NET stuff and the server information (marked in bold). Luckily I was not the first guy out there to do so and I used Stefan Go├čner’s post (http://blogs.technet.com/b/stefan_gossner/archive/2008/03/12/iis-7-how-to-send-a-custom-server-http-header.aspx) as a lead to achieve what I wanted.

I ended up creating a custom HttpModule for removing the excess information in combination with adding a section to the web.config for the custom Headers added by SharePoint as they were not removed by the HttpModule after my initial testing.

Actions performed:
1. Create a folder named App_Code in the IIS folder of the SharePoint site where the headers need to be removed
2. Create a file with notepad named CustomHttpModule.cs
3. Edit with notepad:

using System;
using System.Text;
using System.Web; 

namespace Custom.ServerModules
{
  public class CustomHttpHeaderModule : IHttpModule
  {
    public void Init(HttpApplication context)
    {
      context.PreSendRequestHeaders += OnPreSendRequestHeaders;
    }
    public void Dispose()
    {
    }
    void OnPreSendRequestHeaders(object sender, EventArgs e)
    {
      HttpContext.Current.Response.Headers.Remove("Server");
      HttpContext.Current.Response.Headers.Remove("X-AspNet-Version");
      HttpContext.Current.Response.Headers.Remove("X-SharePointHealthScore");
      HttpContext.Current.Response.Headers.Remove("SPRequestGuid");
    }
 }
}

4. Save the file
5. Edit the web.config file of the SharePoint web application
- Add the custom module to the section system.webserver
- have the custom headers removed

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true">
    ...
    <add name="CustomHttpModule" type="Custom.ServerModules.CustomHttpHeaderModule" />
  </modules>
  ...
  <httpProtocol>
    <customHeaders>
      <remove name="MicrosoftSharePointTeamServices" />
      <remove name="X-Powered-By" />
    </customHeaders>
  </httpProtocol>
</system.webserver>

One remark though if you implement this. Removing the header MicrosoftSharePointTeamServices may break your search crawling. In my case I usually dedicate a web front end for crawling or have the Web application role activated on the crawler. Evidently this web front end does not get the custom httpmodule.